Search results
  1. 4 hours ago

    2020-02-06:🔥🆕 Injector 'wsus.exe' ➡️ v0.2 'tinymet.exe' <Usage: tinymet.exe [transport] LHOST LPORT> h/t 🚨🗯️TinyMet as Precursor for TA505 Post-Exploitation Operation to MD5: b7fd25034019bc0b09242047d2c1d62a

  2. 3 hours ago

    Daily download domain: /shared-cnd.com, playing around with subdomains today. C2 /mainten-ferrum.com

  3. Feb 4

    Looks like is up early today, clean xls already served at de-cnd/en-cnd/es-cnd/fr-cnd.one-drive-ms.com/download.php. Their normal schedule of weaponizing at around 10:00 UTC will probably hold.

  4. Feb 3

    New download URLs? - hxxp://en-pld00238.cloud-store-cdn[.]com/download.php - hxxp://en-pld01904.cloud-store-cdn[.]com/download.php, but the file seems to have been known for quite some time.

  5. 3 hours ago

    The domain /live-cnd.com did have an A-record yesterday and several subdomains, but doesn't resolve today. Saving it for another day maybe?

  6. 7 hours ago

    Just so it's documented on Twitter too, yesterday's download domain was en/de/fr/es.onedrive.live-msr.com and C2 was indeed /wpad-home.com as suspected.

  7. Feb 4

    Another for today is: wpad-home[.]com | 185.176.222.44 Live soon I guess ! (cc )

  8. Jan 31

    2020-01-31:[INTEL]🙏💬Please remember: is not necessarily (linked to operation). 🕯️While there might be some distribution member overlap, these groups are not the same and cannot be equated. I'm not sure why TA505 is being again AKA'ed as EvilCorp here.

  9. Jan 30

    This report is a year journey✈️ to follow the trail of TA505. ⭐️Especially: TTPs, malware, relevance to Carbanak (only published in Korean😅)

  10. [INFO] campaign uses redirectors to spread info. To read more visit:

  13. Jan 30

    Your daily dose of goodness: cdn-de-0691.clouds-share[.]com, cdn-en-0334.clouds-share[.]com - secure-53[.]com smells like the C2 as well but unconfirmed until the kit goes live.

  14. Feb 4

    Seems today's on one-drive-ms[.]com still hasn't been deployed - still dropping G-Payroll-spreadsheet it seems

  15. Feb 3

    Confirming today. Downloads from s/cloud-store-cdn.com/download.php, C2 /microsoft-sback-server.com as I thought.

  16. Jan 30

    2020-01-29: [OSINT] Deep " Activity Report" by FINSEC 🇰🇷 🤔Weird phrasing on "Zeus" group and division into "Carbanak" (Anunak) and . 🙏Also please remember != != !=

  18. Feb 4

    At least the whole != thing is giving me a clear indication of who is blindly retweeting articles and not doing their own research, and which intel vendors don't define their intrusion sets well.

  20. Feb 3

    Today's C2: /microsoft-sback-server.com? Resolves to the same IP as last week's C2 IP, but new registrar.
